diff options
| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-07 14:58:11 +0100 |
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-07 16:52:12 +0100 |
| commit | 41dc989676347f8d100a5393e68a648d67d682ea (patch) | |
| tree | bbd7ca5c325a51346bf30170d27a74a3cd64e389 | |
| parent | a84d6ec0f50578b767ea123e223259d35dc117f2 (diff) | |
| download | itzks-systems-41dc989676347f8d100a5393e68a648d67d682ea.tar.gz itzks-systems-41dc989676347f8d100a5393e68a648d67d682ea.tar.bz2 itzks-systems-41dc989676347f8d100a5393e68a648d67d682ea.zip | |
sbin/itzks-update-disklserver-squashfs-images: Deploy SSH key file(s) and authorized_keys file into DLW chroot.
| -rwxr-xr-x | sbin/itzks-update-disklserver-squashfs-images | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/sbin/itzks-update-disklserver-squashfs-images b/sbin/itzks-update-disklserver-squashfs-images index cfe229c..73c1ae7 100755 --- a/sbin/itzks-update-disklserver-squashfs-images +++ b/sbin/itzks-update-disklserver-squashfs-images @@ -63,6 +63,31 @@ for chroot in ${ltsp_chroots}; do continue fi + # several chroot preparations (also helpful when directly booting the nfsroot)... + + # These preparations run with every script execution (i.e. daily via CRON) to make sure the + # NFS chroot is updated. + + # Copy an appropriate SSH secret key for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/id_<crypto>. + # Currently we prefer disklserver:/root/.ssh/id_<crypto>.DLW and fall back to the host's private key file + # (i.e. disklserver:/root/.ssh/id_<crypto>). + for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk d_rsa; do + + if [ -e "/root/.ssh/${priv_key_file}.DLW" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then + cp "/root/.ssh/${priv_key_file}.DLW" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" + elif [ -e "/root/.ssh/${priv_key_file}" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then + cp "/root/.ssh/${priv_key_file}" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" + fi + + done + + # Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys) + # Use host's authorized_keys file for granting DLW access via SSH as root without password + if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then + cp "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" + fi + + # Create the SquashFS image (if an update is required) if [ -e "${LTSP_OPT}/${chroot}/${latest_upgrade}.squashfs-created" ]; then echo "chroot ${LTSP_OPT}/${chroot}'s squashfs image is up-to-date. Skipping..." else |